]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8290014)
CVE-2026-4480/CVE-2026-4408: lib/util: add more unsafe characters to STRING_SUB_UNSAF...
authorStefan Metzmacher <metze@samba.org>
Thu, 23 Apr 2026 16:21:08 +0000 (18:21 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 26 May 2026 12:51:32 +0000 (12:51 +0000)
|&<> are unsafe characters for shell processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
lib/util/substitute.h patch | blob | blame | history

diff --git a/lib/util/substitute.h b/lib/util/substitute.h
index b183d864671a5d65c9ce7b30b91701e1c9fcde7b..41f56c73ba2c24522902f399ac317487c864a90b 100644 (file)
--- a/lib/util/substitute.h
+++ b/lib/util/substitute.h
@@ -26,7 +26,7 @@
 
 #include <talloc.h>
 
-#define STRING_SUB_UNSAFE_CHARACTERS "$`\"';%"
+#define STRING_SUB_UNSAFE_CHARACTERS "$`\"';%|&<>"
 
 /**
  Substitute a string for a pattern in another string. Make sure there is
Mirror of https://github.com/samba-team/samba.git